Eagerly building and publishing each commit to a registry can be demanding and requires active participation by the repo hosting the package (adding a workflow, configuration, etc.).
What if it was possible to do `npm install vite@tbd --registry=https://pkg.pr.new` or `"vite": "https://pkg.pr.new/vite/tbd"` instead, where `tbd` is a naming scheme that tells the registry which commit exactly?
In the implementation, the first time someone requests a version, it would fetch the repo info from the public registry, then shallow fetch that commit, build and publish and then return the package. As soon as it is being built, other requests would wait for the first to finish. After it is published, it doesn't have to be built again.
Advantages
- only packages that get requested are built/stored
- implementing eviction after X days without a request + LRU gives you more control over the max resources used
- in monorepos with `workspace:` references you can easily use these lazy build references to resolve them
Possible issues
- How do you know the calls needed to build the package, esp. if they can change over time?
  Idea: by default, look for build/publish scripts and just call them (for publish, override the registry with your custom one). If that doesn't work/exist, check the workflows for `release`/`publish.yml` and again override the registry. Last resort is a configuration for that package in its own repo or here.
- How to secure it?
  To prevent someone creating a malicious fork and then promoting the on-demand URL, it should be possible to block on a repo basis and/or check for workflow run permission on the PR of that fork in the origin repo (not sure if that's possible via the gh api).
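The lazy build-once flow sketched in this issue (build on first request, make concurrent requests wait on the in-progress build, evict by age and LRU, block by repo), as an added example that is not pkg.pr.new's code; `buildPackage` is an assumed stub standing in for the shallow fetch, build and publish step:

```javascript
// Added example, not the project's implementation. buildPackage(repo, name, commit)
// is an injected, constructed stub for "shallow fetch the commit, run the build/publish
// scripts, return the tarball"; no network or git is touched here.
class LazyRegistry {
  constructor({ buildPackage, allowedRepos, maxAgeMs, maxEntries, now = Date.now }) {
    this.buildPackage = buildPackage;
    this.allowedRepos = new Set(allowedRepos); // "block on a repo basis": only listed repos build
    this.maxAgeMs = maxAgeMs;                  // evict after X ms without a request
    this.maxEntries = maxEntries;              // hard cap, enforced LRU
    this.now = now;                            // injectable clock for deterministic tests
    this.store = new Map();                    // key -> { tarball, lastAccess }
    this.inFlight = new Map();                 // key -> Promise; concurrent callers share one build
    this.builds = 0;                           // how many real builds happened (for the test)
  }

  async resolve(repo, name, commit) {
    if (!this.allowedRepos.has(repo)) throw new Error(`repo not allowed: ${repo}`);
    const key = `${repo}/${name}@${commit}`;
    const hit = this.store.get(key);
    if (hit) { hit.lastAccess = this.now(); return hit.tarball; } // published once, never rebuilt
    if (!this.inFlight.has(key)) {
      const build = (async () => {
        this.builds++;
        const tarball = await this.buildPackage(repo, name, commit);
        this.store.set(key, { tarball, lastAccess: this.now() });
        this.evict();
        return tarball;
      })().finally(() => this.inFlight.delete(key)); // a failed build is simply retried next time
      this.inFlight.set(key, build);
    }
    return this.inFlight.get(key); // second and later requests wait for the first to finish
  }

  evict() {
    const now = this.now();
    for (const [k, v] of this.store) if (now - v.lastAccess > this.maxAgeMs) this.store.delete(k);
    while (this.store.size > this.maxEntries) {
      const oldest = [...this.store.entries()].sort((a, b) => a[1].lastAccess - b[1].lastAccess)[0][0];
      this.store.delete(oldest);
    }
  }
}

// Stand-alone demo with a constructed stub build.
const demo = new LazyRegistry({
  buildPackage: async (repo, name, commit) => `${name}-${commit}.tgz`,
  allowedRepos: ['vitejs/vite'], maxAgeMs: 30 * 24 * 3600 * 1000, maxEntries: 500,
});
demo.resolve('vitejs/vite', 'vite', 'abc123').then((t) => console.log('served', t));
```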
Regarding space requirements, vite for example is 825 kB per .tgz. In the last 30 days there were about 100 active PRs and 150 commits on the core repo, so you'd be looking at 100 MB at least if you retain them all. This adds up quickly.